Are there any attack vectors based on SD card?

  • Today I went to a big tech market to buy a new SD card for my BQ E4.5. I bought a SanDisk microSDHC UHS-I 16 GByte. When I pulled it our from its plastic cover it was easy to open and I already though that someone opened this plastic once. I plugged it in and ... it contained pictures in a DCIM dir, a file Kontacts.vcf and more stuff, some Android directories etc. I returned it to the shop and they were surprised as well and gave me a new one, now really empty.

    What I'm asking me: who is so stupid and returns such SD to the shop, even hang it into the place where new cards are (or maybe the shop staff did so) but in any case without at least formatting the SD? And why at all? Or is this some new attack vector distributing trojans or malware on SD cards through shops?

    Additional question, which was not moved from Support to off-topic, but deleted: Do we have any anti-virus and scan software in UT?

  • What i know about UT anti-virus : there was something under vivid (maybe you know that) but not very efficient :
    See :

  • I am just answering to the anti-virus question: So far there is no official scan software that will manage to scan click apps for example. The one in the store was a fake, it was literally doing nothing except showing a GUI with "you are at risk" or so. Do not use it. The biggest issue was that it was running under full confinement, so it had not even the rights to scan everything besides itself.

    I dont really know what´s the current situation with viruses in Linux/Ubuntu. Are there proven Anti-Virus/rootkit/Malware scanners that really make sense? Never used one in Linux tbh...

Log in to reply